A web proxy server, sometimes called a web proxy, can serve a variety of purposes. Many of the purposes for using a proxy server are legitimate, but others are suspicious and sometimes malicious.
Using a simple definition, a proxy is basically a server that sits between a user and the destination server that the user is accessing. It is an intermediary or go-between that requests resources from the destination server on the user’s behalf.
On of the most common uses of a proxy server is for anonymous web surfing. When a user is connected through a proxy server, the IP address of the web proxy is used to communicate with the destination server and thus the IP address of the user is hidden. This can be used to allow a user access to systems where their access might normally be blocked, or because an IP address identifies a user’s geographic location, it can be used to disguise the country where a user is located.
There are thousands of free proxy servers set up in countries around the world, and lists of these servers can easily be found on the web. When a user visits one of these sites, they enter the web address of the site they wish to visit. From that point on, the true IP address of the user is protected and the destination server only sees the IP address of the proxy server.
Students use web proxies to allow them to access web sites whose IP addresses are blocked by their school’s server. For example, if a school has blocked all the known IP addresses for porn sites, students might still be able to access these sites through a proxy. Because of uses intended to circumvent normal security, lists of the IP addresses of known proxy servers are available, which can also be blocked by a company or school network.
If you are concerned about protecting your identity while on the web, a proxy server can help with anonymity. But be aware that these servers can have a malicious intent and can be used to cache information that passes through them, which means that you never want to use one of these intermediaries to log into your bank account or any web site where exposing user IDs and passwords can be detrimental. This can be a path to identity theft.
There are other malicious uses for these servers. Many e-commerce sites capture the IP addresses of customers who purchase products. They are used to identify the geographic location of a customer to help prevent fraud. If a customer’s street address is in Boston, but their IP address identifies their geographic location as Nigeria or China, the chances are more than good that a stolen credit card is being used. Many sophisticated online thieves use domestic drop points or freight forwarding companies where products are shipped and later forwarded to the thief. They have also learned to use web proxy servers to hide their location, or make it appear that they are located in a country not known for credit card fraud.
There are many legitimate uses for proxy servers. AOL has traditionally cached commonly visited web pages and altered JPG images by compressing them to speed up web access for their users. They can also be used by schools and companies to filter content, and by ISPs that restrict access to family friendly content.
If you are going to use a proxy server, try to identify those that are legitimate. Many are, but some are not. As a general rule, never access sensitive sites that require a user ID and password. This includes your e-mail accounts.
Bob Sumpter says
Thanks for the article!
I am not trying to be negative here, but I have a minor issue with it.
Quote : “If you are going to use a proxy server, try to identify those that are legitimate. Many are, but some are not.”
Exactly how do you do that? As far as I know there is no way to accomplish what you suggest here.
Most people don’t know that their ISP has nefarious dealings with statistics and user tracking companies that build private profiles on people without their consent. ISP’s (we are talking about major names here) allow these companies unhindered access to IP traffic by forcing all traffic through invisible web proxy gateways and giving these companies unhindered access to customer data.
In turn these private database companies keeps every bit of information they can harvest through the connections the customers are making and storing them in databases which are linked to real data, and private information.
Web proxies that support encryption to and from the the gateway are one way to avoid the illegal monitoring and eavesdropping that takes place by major ISP’s. The only problem?
Your ISP knows this, and if you try to use a non-encrypted search engine to find a VPN or Proxy service they will intercept and filter out options and replace them with their own in house services.
They have been doing this for several years now and the public seems completely unaware of this issue.
I have an issue with your article because it doesn’t address the real need for proxies, and that is to prevent your internet providers from profiling you and selling your “very” private information.
If you use your internet connection to search for secure gateways from which to browse and prevent illegal profiling, you will find that your traffic is being watched and manipulated to the point that you can’t even trust the services you are looking for.
I know of no way around these issues, and it makes me very angry. I have nothing to hide, but I also demand equal right access to the information that is being stored about me. I also demand the right to remove said information. In our current corporate/political atmosphere, you only have the right to be spied on.
Doogie says
Hi Bob
You have made a lot of valid points.
My main concern about the use of proxy servers is when they are used to mask the location of a user for purposes of credit card fraud.
I am aware of the rumors that some ISPs sell profiles. I have also heard that they are required by law to keep track of some user activities, but I have never been able to confirm that. Heck, Google profiles everyone’s activities and are about to launch a new version of their ad network that will customize ads based upon the types of sites a user commonly visits. Their search results will be customized in a similar manner by the end of 2009.
My point about legitimate proxies is that the use of a scammer proxy allows the proxy owner to track all of your activity, including User IDs and passwords. We are now finding out that even MD5 encryption can be cracked. If you are going to use any proxy, do not use it for sites where you need to enter sensitive information.
How do you determine if a proxy is legitimate? I do not have an answer for that one. The proxy owners that I know do run legitimate proxies. But there are literally thousands of proxy sites out there, and many are run by people who reside in countries where there are no laws against capturing private info. I would be more concerned about that, than I would about anything your ISP or the government is doing.
I share your concerns about privacy, but when it gets down to it, there really isn’t any such thing a real privacy today unless you want to move to the mountains and live in a cabin with no electricity or running water. A certain amount of surveillance is necessary by law enforcement agencies if you want them to catch the bad guys before they do something bad. I do not have a concern about the government monitoring things as long as it is used for legitimate purposes, but I draw the line after that.
If you are not doing anything illegal, and the information collected is not used for any suspicious purposes, and you cannot do anything about it, I would not spend much time worrying about it.